Spaces:

cjovs
/

XAPI

Sleeping

App Files Files Community

XAPI / backend /internal /handler /totp_handler.go

cjovs

Deploy Sub2API HF Space with embedded Postgres/Redis backup runtime

8059bf0 verified 29 days ago

raw

history blame contribute delete

4.93 kB

	package handler

	import (
	"github.com/gin-gonic/gin"

	"github.com/Wei-Shaw/sub2api/internal/pkg/response"
	middleware2 "github.com/Wei-Shaw/sub2api/internal/server/middleware"
	"github.com/Wei-Shaw/sub2api/internal/service"
	)

	// TotpHandler handles TOTP-related requests
	type TotpHandler struct {
	totpService *service.TotpService
	}

	// NewTotpHandler creates a new TotpHandler
	func NewTotpHandler(totpService service.TotpService) TotpHandler {
	return &TotpHandler{
	totpService: totpService,
	}
	}

	// TotpStatusResponse represents the TOTP status response
	type TotpStatusResponse struct {
	Enabled bool `json:"enabled"`
	EnabledAt *int64 `json:"enabled_at,omitempty"` // Unix timestamp
	FeatureEnabled bool `json:"feature_enabled"`
	}

	// GetStatus returns the TOTP status for the current user
	// GET /api/v1/user/totp/status
	func (h TotpHandler) GetStatus(c gin.Context) {
	subject, ok := middleware2.GetAuthSubjectFromContext(c)
	if !ok {
	response.Unauthorized(c, "User not authenticated")
	return
	}

	status, err := h.totpService.GetStatus(c.Request.Context(), subject.UserID)
	if err != nil {
	response.ErrorFrom(c, err)
	return
	}

	resp := TotpStatusResponse{
	Enabled: status.Enabled,
	FeatureEnabled: status.FeatureEnabled,
	}

	if status.EnabledAt != nil {
	ts := status.EnabledAt.Unix()
	resp.EnabledAt = &ts
	}

	response.Success(c, resp)
	}

	// TotpSetupRequest represents the request to initiate TOTP setup
	type TotpSetupRequest struct {
	EmailCode string `json:"email_code"`
	Password string `json:"password"`
	}

	// TotpSetupResponse represents the TOTP setup response
	type TotpSetupResponse struct {
	Secret string `json:"secret"`
	QRCodeURL string `json:"qr_code_url"`
	SetupToken string `json:"setup_token"`
	Countdown int `json:"countdown"`
	}

	// InitiateSetup starts the TOTP setup process
	// POST /api/v1/user/totp/setup
	func (h TotpHandler) InitiateSetup(c gin.Context) {
	subject, ok := middleware2.GetAuthSubjectFromContext(c)
	if !ok {
	response.Unauthorized(c, "User not authenticated")
	return
	}

	var req TotpSetupRequest
	if err := c.ShouldBindJSON(&req); err != nil {
	// Allow empty body (optional params)
	req = TotpSetupRequest{}
	}

	result, err := h.totpService.InitiateSetup(c.Request.Context(), subject.UserID, req.EmailCode, req.Password)
	if err != nil {
	response.ErrorFrom(c, err)
	return
	}

	response.Success(c, TotpSetupResponse{
	Secret: result.Secret,
	QRCodeURL: result.QRCodeURL,
	SetupToken: result.SetupToken,
	Countdown: result.Countdown,
	})
	}

	// TotpEnableRequest represents the request to enable TOTP
	type TotpEnableRequest struct {
	TotpCode string `json:"totp_code" binding:"required,len=6"`
	SetupToken string `json:"setup_token" binding:"required"`
	}

	// Enable completes the TOTP setup
	// POST /api/v1/user/totp/enable
	func (h TotpHandler) Enable(c gin.Context) {
	subject, ok := middleware2.GetAuthSubjectFromContext(c)
	if !ok {
	response.Unauthorized(c, "User not authenticated")
	return
	}

	var req TotpEnableRequest
	if err := c.ShouldBindJSON(&req); err != nil {
	response.BadRequest(c, "Invalid request: "+err.Error())
	return
	}

	if err := h.totpService.CompleteSetup(c.Request.Context(), subject.UserID, req.TotpCode, req.SetupToken); err != nil {
	response.ErrorFrom(c, err)
	return
	}

	response.Success(c, gin.H{"success": true})
	}

	// TotpDisableRequest represents the request to disable TOTP
	type TotpDisableRequest struct {
	EmailCode string `json:"email_code"`
	Password string `json:"password"`
	}

	// Disable disables TOTP for the current user
	// POST /api/v1/user/totp/disable
	func (h TotpHandler) Disable(c gin.Context) {
	subject, ok := middleware2.GetAuthSubjectFromContext(c)
	if !ok {
	response.Unauthorized(c, "User not authenticated")
	return
	}

	var req TotpDisableRequest
	if err := c.ShouldBindJSON(&req); err != nil {
	response.BadRequest(c, "Invalid request: "+err.Error())
	return
	}

	if err := h.totpService.Disable(c.Request.Context(), subject.UserID, req.EmailCode, req.Password); err != nil {
	response.ErrorFrom(c, err)
	return
	}

	response.Success(c, gin.H{"success": true})
	}

	// GetVerificationMethod returns the verification method for TOTP operations
	// GET /api/v1/user/totp/verification-method
	func (h TotpHandler) GetVerificationMethod(c gin.Context) {
	method := h.totpService.GetVerificationMethod(c.Request.Context())
	response.Success(c, method)
	}

	// SendVerifyCode sends an email verification code for TOTP operations
	// POST /api/v1/user/totp/send-code
	func (h TotpHandler) SendVerifyCode(c gin.Context) {
	subject, ok := middleware2.GetAuthSubjectFromContext(c)
	if !ok {
	response.Unauthorized(c, "User not authenticated")
	return
	}

	if err := h.totpService.SendVerifyCode(c.Request.Context(), subject.UserID); err != nil {
	response.ErrorFrom(c, err)
	return
	}

	response.Success(c, gin.H{"success": true})
	}